How Community Ladders Safeguards Your Information
As our members know, at Community Ladders we tend to be obsessive about certain things – like saving and preserving every last dollar. We are also obsessed with information security, which is why I wanted to take a moment to talk about how we protect our members’ information.
First off, we take in very little information. This is certainly by design. We know that almost all electronic and physical information can be stolen by a motivated criminal, so the less information we retain the better. We only ask members for their contact information (e-mail and phone), month and year of birth (not the day), their account balances, and (at their option) a unique, shared password to a Mint.com account. We never have access to other passwords or any account numbers, even through Mint.com’s read-only service. Even payments are handled exclusively through PayPal, so we never store your payment information.
[Those that have their taxes prepared by Community Ladders, however, do submit a social security number and other vital information. We do not disclose publicly our security measures for protecting this information; our approach is only shared directly with those tax clients.]
Secondly, we try to make it difficult for would-be thieves to steal information. I usually explain this with an analogy to The Club® used on car steering wheels. The Club® will not defeat a motivated thief, but the trick is to make your car look more challenging than the one next to it. Criminals, it turns out, tend to be lazy and go for the easier score.
Here are some of our security measures designed to deter information thieves:
- We use only password-encrypted (WPA2/AES) Internet connections, including a dedicated account for our members to use during their meetings with us
- We use a tunneling VPN for communications when traveling
- We shred, and dispose of off-site, any financial information retained – and no longer needed – on our members (though we seldom keep financial paperwork, like account statements, from our members in the first place)
- Our building has controlled access and a front desk attendant 24-7.
When it comes down to it, the security of our members’ information is a partnership. Only if our members take similar precautions on their end (especially encrypted Internet), can we encourage information thieves to move on to other, less vigilant, targets.
Comments are closed.